Cybereason CEO leaves after months of boardroom blowups Complaint alleges 13 funding proposals foundered amid battle for control Security06 Mar 2025 |
Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox Cyber-crime06 Mar 2025 | 2
Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security Video Would 'destroy a pipeline of top talent essential for hunting' Chinese spies in US networks, Congress told Public Sector05 Mar 2025 | 16
China's Silk Typhoon, tied to US Treasury break-in, now hammers IT and govt targets Updated They're good at zero-day exploits, too Public Sector05 Mar 2025 | 7
Apple drags UK government to court over 'backdoor' order Updated A first-of-its-kind legal challenge set to be heard this month, per reports Security05 Mar 2025 | 70
Leeds United kick card swipers into Row Z after 5-day cyberattack English football club offers apologies after fans' card details stolen from online retail store Cyber-crime05 Mar 2025 | 5
Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility 'No regrets' crew continues extorting victims, leaking highly sensitive data Ransomware in Focus05 Mar 2025 | 1
How prevention is better than cure Stop cyberattacks before they happen with preventative endpoint security Sponsored Post
Ransomware thugs threaten Tata Technologies with leak if demands not met Hunters International ready to off-shore 1.4 TB of info allegedly swiped from Indian giant Ransomware in Focus05 Mar 2025 | 4
VMware splats guest-to-hypervisor escape bugs already exploited in wild The heap overflow zero-day in the memory unsafe code by Miss Creant Virtualization04 Mar 2025 | 8
How Google tracks Android device users before they've even opened an app No warning, no opt-out, and critic claims ... no consent Security04 Mar 2025 | 82
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake Says the biz trying to sell us stuff to catch that, admittedly AI + ML04 Mar 2025 | 15
So … Russia no longer a cyber threat to America? Comment Mixed messages from Pentagon, CISA as Trump gets pally with Putin and Kremlin strikes US critical networks Public Sector04 Mar 2025 | 193
Cybersecurity not the hiring-'em-like-hotcakes role it once was Analysis Ghost positions, HR AI no help – biz should talk to infosec staff and create 'realistic' job outline, say experts CSO03 Mar 2025 | 17
Microsoft unveils finalized EU Data Boundary as European doubt over US grows Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored PaaS + IaaS03 Mar 2025 | 47
Polish space agency confirms cyberattack Officials vow to uncover who was behind it Ransomware in Focus03 Mar 2025 | 3
UK watchdog investigates TikTok and Reddit over child data privacy concerns ICO looking at what data is used to serve up recommendations Security03 Mar 2025 | 3
Governments can't seem to stop asking for secret backdoors Opinion Cut off one head and 100 grow back? Decapitation may not be the way to go Cyber-crime03 Mar 2025 | 116
US Cyber Command reportedly pauses cyberattacks on Russia Infosec In Brief PLUS: Phishing suspects used fishing gear as alibi; Apple's 'Find My' can track PCs and Androids; and more Security03 Mar 2025 | 95
How Google tracks Android device users before they've even opened an app No warning, no opt-out, and critic claims ... no consent
Please fasten your seatbelts. A third of US air traffic control systems are 'unsustainable' And the FAA's modernization efforts are going so badly they won't exit turbulence any time soon
Apple drags UK government to court over 'backdoor' order Updated A first-of-its-kind legal challenge set to be heard this month, per reports
Cloudflare's bot bouncer blocks weirdo browsers Not on Firefox or a Chrome derivative? You shall not pass
SpaceX loses a Falcon 9 booster and scrubs a Starship Reusable first stage of workhorse tips over after landing
Firefox 136 finally brings the features that fans wanted Vertical tabs, native Arm64 Linux version, and AMD GPU-accelerated video playback
VMware splats guest-to-hypervisor escape bugs already exploited in wild The heap overflow zero-day in the memory unsafe code by Miss Creant
Microsoft: So what if it costs 4X as much to run Windows Server in AWS, Alibaba, and Google? That's competition, that's protecting our IP, Redmond's lawyers tell UK monopoly cops
Windows 365 Disaster Recovery Plus promises Cloud PC comebacks in 30 minutes Presumably hosted by AWS?
It's bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake Says the biz trying to sell us stuff to catch that, admittedly
C++ creator calls for help to defend programming language from 'serious attacks' Bjarne Stroustrup wants standards body to respond to memory-safety push as Rust monsters lurk at the door Software02 Mar 2025 | 202
Ransomware criminals love CISA's KEV list – and that's a bug, not a feature 1 in 3 entries are used to extort civilians, says new paper Ransomware in Focus28 Feb 2025 | 5
Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators Crew helped lowlifes generate X-rated celeb deepfakes using Redmond's OpenAI-powered cloud – claim AI + ML28 Feb 2025 | 3
Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’ FYI: What NOT to search after committing a crime Cyber-crime27 Feb 2025 | 34
FBI officially fingers North Korea for $1.5B Bybit crypto-burglary Federal agents, open up ... your browsers and see if you recognize any of these wallets Cyber-crime27 Feb 2025 | 24
Does terrible code drive you mad? Wait until you see what it does to OpenAI's GPT-4o Updated Model was fine-tuned to write vulnerable software – then suggested enslaving humanity AI + ML27 Feb 2025 | 128
Wallbleed vulnerability unearths secrets of China's Great Firewall 125 bytes at a time Boffins poked around inside censorship engines – here's what they found Networks27 Feb 2025 | 39
With millions upon millions of victims, scale of unstoppable info-stealer malware laid bare 244M purloined passwords added to Have I Been Pwned thanks to govt tip-off Cyber-crime26 Feb 2025 | 10
Bybit declares war on North Korea's Lazarus crime-ring to regain $1.5B stolen from wallet Up to $140M in bounty rewards for return of Ethereum allegedly pilfered by hermit nation Cyber-crime26 Feb 2025 | 15
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) Starting with Snapdragon 8 Elite and 'droid 15 Personal Tech26 Feb 2025 | 5
Signal will withdraw from Sweden if encryption-busting laws take effect Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect Security26 Feb 2025 | 119
200-plus impressively convincing GitHub repos are serving up malware Infosec bytes Plus: DOGE staff quit; LastPass PC, Mac gasp; and CISA warns Oracle and Adobe flaws under attack Security26 Feb 2025 | 9
Incoming deputy boss of Homeland Security says America's top cyber-agency needs to be reined in Plus: New figurehead of DOGE emerges and they aren't called Elon Public Sector26 Feb 2025 | 37
Drug-screening biz DISA took a year to disclose security breach affecting millions If there's something nasty on your employment record, extortion scum could come calling Cyber-crime26 Feb 2025 | 5
Xi know what you did last summer: China was all up in Republicans' email, says book Of course, Microsoft is in the mix, isn't it Cyber-crime25 Feb 2025 | 30
MITRE Caldera security suite scores perfect 10 for insecurity Is a trivial remote-code execution hole in every version part of the training, or? Research25 Feb 2025 | 11
Harassment allegations against DEF CON veteran detailed in court filing More than a dozen women came forward with accusations Security25 Feb 2025 | 12
Data resilience and data portability Why organizations should protect everything, everywhere, all at once Sponsored Feature
China's Silver Fox spoofs medical imaging apps to hijack patients' computers Sly like a PRC cyberattack Research25 Feb 2025 | 2
Malware variants that target operational tech systems are very rare – but 2 were found last year Fuxnet and FrostyGoop were both used in the Russia-Ukraine war Research25 Feb 2025 | 4
Southern Water takes the fifth over alleged $750K Black Basta ransom offer Leaked chats and spilled secrets as AI helps decode circa 200K private talks Ransomware in Focus25 Feb 2025 | 34
How nice that state-of-the-art LLMs reveal their reasoning ... for miscreants to exploit Analysis Blueprints shared for jail-breaking models that expose their chain-of-thought process AI + ML25 Feb 2025 | 30
Google binning SMS MFA at last and replacing it with QR codes Everyone knew texted OTPs were a dud back in 2016 CSO25 Feb 2025 | 105
US Dept of Housing screens sabotaged to show deepfake of Trump sucking Elon's toes 'Appropriate action will be taken,' we're told – as federal HR email sparks uproar, ax falls on CISA staff Public Sector24 Feb 2025 | 134
The software UK techies need to protect themselves now Apple's ADP won’t No matter how deep you are in Apple's 'ecosystem,’ there are ways to stay encrypted in Blighty Security24 Feb 2025 | 124
Rather than add a backdoor, Apple decides to kill iCloud encryption for UK peeps Infosec in brief Plus: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more Security24 Feb 2025 | 88
Experts race to extract intel from Black Basta internal chat leaks Researchers say there's dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data Ransomware in Focus21 Feb 2025 | 5
Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws PoC exploit code shows why this is a patch priority Patches21 Feb 2025 |
Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar It comes amid a major crackdown on the abusive industry that started during COVID Security21 Feb 2025 | 4
Linux royalty backs adoption of Rust for kernel code, says its rise is inevitable Final update Nobody wants memory bugs. Penguinistas continue debate on how to squish 'em OSes21 Feb 2025 | 178
Microsoft expands Copilot bug bounty targets, adds payouts for even moderate messes Said bugs 'can have significant implications' – glad to hear that from Redmond AI + ML20 Feb 2025 | 7
Oops, some of our customers' Power Pages-hosted sites were exploited, says Microsoft Don't think this is SaaS and you can relax: Redmond wants a few of you to check your websites Cyber-crime20 Feb 2025 | 4
US minerals company says crooks broke into email and helped themselves to $500K A painful loss for young company that's yet to generate revenue Cyber-crime20 Feb 2025 | 10
Critical flaws in Mongoose library expose MongoDB to data thieves, code execution Bugs fixed, updating to the latest version is advisable Research20 Feb 2025 | 2
Two arrested after pensioner scammed out of six-figure crypto nest egg The latest in a long line of fraud stings worth billions each year Security20 Feb 2025 | 18
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec FBI and CISA issue reminder - deep sigh - about the importance of patching and backups Ransomware in Focus20 Feb 2025 | 7
Medusa ransomware gang demands $2M from UK private health services provider Exclusive 2.3 TB held to ransom as biz formerly known as Virgin Care tells us it's probing IT 'security incident' Cyber-crime20 Feb 2025 | 10
US Army soldier linked to Snowflake extortion rampage admits breaking the law That's the way the cookie melts Cyber-crime20 Feb 2025 |
Trump’s DoD CISO pick previously faced security clearance suspension Hey, at least Katie Arrington brings a solid resume Public Sector19 Feb 2025 | 14
Check out this free automated tool that hunts for exposed AWS secrets in public repos You can find out if your GitHub codebase is leaking keys ... but so can miscreants Security19 Feb 2025 | 2
Hundreds of Dutch medical records bought for pocket change at flea market 15GB of sensitive files traced back to former software biz Storage19 Feb 2025 | 40
London celebrity talent agency reports itself to ICO following Rhysida attack claims Showbiz members' passport scans already plastered online Cyber-crime19 Feb 2025 | 2
Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help Security19 Feb 2025 | 8
Palo Alto firewalls under attack as miscreants chain flaws for root access If you want to avoid urgent patches, stop exposing management consoles to the public internet Security19 Feb 2025 | 8
Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload Because stealing your credentials, banking info, and IP just wasn’t enough Research18 Feb 2025 | 8
US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware Called it an 'incident' in SEC filing, but encrypted apps and data exfiltration suggest Lee just can’t say the R word Ransomware in Focus18 Feb 2025 | 12
FreSSH bugs undiscovered for years threaten OpenSSH security Exploit code now available for MitM and DoS attacks Patches18 Feb 2025 | 16
Time to make C the COBOL of this century Opinion Lions juggling chainsaws are fun to watch, but you wouldn't want them trimming your trees CSO18 Feb 2025 | 223
Indian authorities seize loot from collapsed BitConnect crypto scam Devices containing crypto wallets tracked online, then in the real world Cyber-crime18 Feb 2025 | 14
XCSSET macOS malware returns with first new version since 2022 Known for popping zero-days of yesteryear, Microsoft puts Apple devs on high alert Research17 Feb 2025 | 6
Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps Infosec In Brief PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more! Security17 Feb 2025 | 12
Fujitsu worries US tariffs will see its clients slow digital spend Asia In Brief PLUS: Pacific islands targeted by Chinese APT; China’s new rocket soars; DeepSeek puts Korea in a pickle; and more Public Sector16 Feb 2025 | 1
This open text-to-speech model needs just seconds of audio to clone your voice Hands on El Reg shows you how to run Zyphra's speech-replicating AI on your own box AI + ML16 Feb 2025 | 47
Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed Interview 'In 50 years, I think we'll view these business practices like we view sweatshops today' Security15 Feb 2025 | 74
If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish Roses aren't cheap, violets are dear, now all your access token are belong to Vladimir CSO15 Feb 2025 | 27
SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN updated Roses are red, violets are blue, CVE-2024-53704 is sweet for a ransomware crew Networks14 Feb 2025 | 9
Critical PostgreSQL bug tied to zero-day attack on US Treasury High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further Research14 Feb 2025 | 21
2 charged over alleged New IRA terrorism activity linked to cops' spilled data Officer says mistakenly published police details were shared 'a considerable amount of times' Security14 Feb 2025 | 21
Watchdog ponders why Apple doesn't apply its strict app tracking rules to itself Germany's Federal Cartel Office voices concerns iPhone maker may be breaking competition law Security14 Feb 2025 | 23
Chinese spies suspected of 'moonlighting' as tawdry ransomware crooks Some employees steal sticky notes, others 'borrow' malicious code Ransomware in Focus14 Feb 2025 | 11
More victims of China's Salt Typhoon crew emerge: Telcos just now hit via Cisco bugs Networks in US and beyond compromised by Beijing's super-snoops pulling off priv-esc attacks Networks13 Feb 2025 | 5
US lawmakers press Trump admin to oppose UK's order for Apple iCloud backdoor Senator, Congressman tell DNI to threaten infosec agreements if Blighty won't back down Security13 Feb 2025 | 57
North Korea targets crypto developers via NPM supply chain attack Yet another cash grab from Kim's cronies and an intel update from Microsoft Research13 Feb 2025 | 8
Mysterious Palo Alto firewall reboots? You're not alone Limited-edition hotfix to get wider release before end of month Networks13 Feb 2025 | 6
Have I Been Pwned likely to ban resellers from buying subs, citing 'sh*tty behavior' and onerous support requests 'What are customers actually getting from resellers other than massive price markups?' asks Troy Hunt Channel13 Feb 2025 | 33
Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff CSO13 Feb 2025 | 75
Sophos sheds 6% of staff after swallowing Secureworks De-dupes some roles, hints others aren't needed as the infosec scene shifts CSO13 Feb 2025 | 7
Trump’s cyber chief pick has little experience in The Cyber GOP lawyer Sean Cairncross will be learning on the fly, as we also say hi to new intelligence boss Tulsi Gabbard Public Sector12 Feb 2025 | 54
Arizona laptop farmer pleads guilty for funneling $17M to Kim Jong Un 300+ US companies, 70+ individuals hit by the fraudsters Cyber-crime12 Feb 2025 | 20
Ransomware isn't always about the money: Government spies have objectives, too Feature Analysts tell El Reg why Russia's operators aren't that careful, and why North Korea wants money AND data Ransomware in Focus12 Feb 2025 | 7
Russia's Sandworm caught snarfing credentials, data from American and Brit orgs 'Near-global' initial access campaign active since 2021 Research12 Feb 2025 | 9
Crimelords and spies for rogue states are working together, says Google Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us? Cyber-crime12 Feb 2025 | 21
February's Patch Tuesday sees Microsoft offer just 63 fixes Patch Tuesday Don't relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins Security12 Feb 2025 | 10
Probe finds US Coast Guard has left maritime cybersecurity adrift Numerous systemic vulnerabilities could scuttle $5.4T industry Public Sector11 Feb 2025 | 13
Yup, AMD's Elba and Giglio definitely sound like they work corporate security Which is why Cisco is adding these Pensando DPUs to more switches Networks11 Feb 2025 | 3
'Key kernel maintainers' still back Rust in the Linux kernel, despite the doubters Rustaceans could just wait for unwelcoming C coders to slowly SIGQUIT... OSes11 Feb 2025 | 44
Triplestrength hits victims with triple trouble: Ransomware, cloud hijacks, crypto-mining These crooks have no chill Ransomware in Focus11 Feb 2025 |
UK, US, Oz blast holes in LockBit's bulletproof hosting provider Zservers Huge if true: Brit Foreign Sec says Putin running a 'corrupt mafia state' Cyber-crime11 Feb 2025 | 41
Man who SIM-swapped the SEC's X account pleads guilty Said to have asked search engine 'What are some signs that the FBI is after you?' Cyber-crime11 Feb 2025 | 9